Group ID's and bit mask

utzoo!decvax!ucbvax!unix-wizards utzoo!decvax!ucbvax!unix-wizards
Mon Nov 9 22:32:08 AEST 1981


>From z at CCA-UNIX Mon Nov  9 21:54:33 1981

I was away for three weeks and am just catching up on my news, which is
why this message is a little late.

I am an old Tenex veteran, and one of the first things I did a year and a
half ago after bringing up 3BSD on our VAX was to make the groups feature
more usable.  Access is done on the basis of a bit mask, but using one
which may span several words, so that the number of possible groups can
be changed at compile time.  We use 256 maximum, though this can be
easily changed up or down.  The bit mask allows each user to always have
the permissions of all his groups simultaneously.  Newly created files
are created with the group of their parent directory.  In addition, we
have fixed "chgrp" so that the user may change the group of any of his
files to any other group of which he is a member.  This does not seem to
be an additional security problem, since he could always do this in a
roundabout way anyway.  Mkdir was also changed slightly so that new
directories are created with the group of their parent.

This scheme has worked very well for us.  Although it is implemented for
4BSD, the changes to the kernel are quite small and fairly trivial, and
I'm sure it would work with little or no modification for V6 and V7.  I
also understand that Berkeley plans to implement either this scheme or
something very close to it in their next release.  I have a short memo
prepared on how to imlement this change; if you are interested in it,
I'd be happy to send you an (electronic) copy.  I can be reached either
as z at cca-unix or decvax!cca!z.



More information about the Comp.unix.wizards mailing list